cross-posted from: https://fed.dyne.org/post/343234
Google Starts Fingerprint-Tracking All Your Devices In 8 Weeks
The worse, it does not only using Google Apps or Services, but more than the half of existing webpages use one or another Google API (at least googleanalytigs and google-tagmanager.which log and spy the visitors and users.
Hard, very hard to avoid it, Googles eyes are everywhere, even in FOSS.
You can pretty much block those domains in noscript without breaking the Website
Yes, you can easily block the tracking crap being downloaded to your HD and added to your browser, almost everyone do it, but you can’t blck the logging of websites which use the Google (mostly) and other APIs. They store your PC and browser data in their server, which you can’t access. The only possibility is using a VPN and other which spoof or fake your data, so that is don’t have a real value. To use a mail which permits to mask your real mail direction, because your mail is an unique identifier which can be tracked all over the web. Using Image share which delete the EXIF data (vgy.me eg., Read always PP to see with which companies are shared your data, and some protections more to patch the worst privacy holes, but forget 100% privacy in the moment you goes online, it’s only a myth to calm the people which intent to stay private with their shitty PC against the tech of the big ones.
You should know when and how you are being tracked, and you should have an easy-button to say thanks, but no thanks.
Opt-out!? That’s not even close to being a good solution.
Your data should not be collected, and you should not be tracked, UNLESS you agree yo it, ie opt-in, AND data collection is proportional/appropriate for the stated goal.
That’s the spirit of GDPR.
What exactly is the change being made? I don’t see that the article actually explains it anywhere.
They are updating their Platforms program policies
You can read the current version, archived here
And here’s the proposed changes
I haven’t read it all, but some glaring changes stand out in regards to fingerprinting (no longer prohibited) and device unique identifiers (no longer prohibited from gathering). Basically, Google wants to become even more lax with how users are tracked by their advertising partners
So the e-mail I got with them claiming they will delete my location history is a lie?
Time to root and degoogle for the unfortunate.
I didn’t see anything about the implications of this on the EU and GDPR?
*laughs in LineageOS
Laughs in GrapheneOS.
Pretty sure Graphene doesn’t do much about fingerprinting on its own, it’s nearly entirely up to the browser. They mention some of their plans to address that with Vanadium, but make no claims as to how effective it is now (at least on the features page).
No google on device no tracking, and I don’t use google services anyhow (with first party clients anyhow). I do have google play services installed but no google account so they don’t have an identity to connect the data they might be able to collect from the phone. Only google service I use is youtube but that’s with third party clients only (FreeTube & NewPipe) over vpn of course.
Right – all privacy-positive methods to employ, but not helpful for fingerprinting. In fact, some things can make you more susceptible to fingerprinting because they make you more unique (like using a custom OS). It’s all about your browser and what it chooses to send with HTTP requests, how it responds to queries for you device/browser specs (via Javacript). Your OS, system architecture, hardware details, browser type and plugins, etc combine to make a very unique profile tied to your device. It’s especially nefarious because all those bits are cross-referenced over all accounts and devices to make a global profile on you. Even if you’ve never used Facebook, you probably have a shadow profile. If you’ve ever logged into the same service or website account on your de-Googled GrapheneOS device as another machine that does have Google services tracking, then your new device is likely already tied to your identity.
Try this with different browsers – it tests the uniqueness of your device.
Glad I don’t use any Google services and no apps on graphene OS then for my main computers I run Fedora silverblue with no Google once again.
Yes but do you use PiHole and a solid VPN? Do you spoof your browser’s useragent? Even then, some would argue that you are not safe enough from Google’s prying eyes.
Doesn’t matter, your browser will be fingerprinted with some embedded JavaScript that works in all modern browsers. Detecting VPNs is also trivial.
It doesn’t matter if they detect you’re on a VPN when that VPN is shared by tens of thousands or millions of others. Thats literally the point. It prevents fingerprinting by IP
“User connects via VPN XYZ” is part of the fingerprint. It doesn’t protect you from identifying you, instead it ads to the number of unique properties of your computer and connection, adding to the size of your fingerprint. Besides, a lot of VPNs and proxies add another header x-forwarded-for with your original IP. Source: I worked on multiple e-commerce platforms that use fingerprinting as part of their fraud protection. Also see https://coveryourtracks.eff.org/learn for a more detailed explanation.
Of course it protects you. You can’t use the internet without an IP address. The best IP address is one that’s shared with as many people as possible. That’s why people use VPNs.
Of course you get a fingerprint. The key is to have a fingerprint thats shared by as many people as possible.
